EUVD-2021-27101

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Cross-site Scripting vulnerability in Zulip GitHub repository affecting versions between commits.

Reporter	Title	Published	Views	Family All 10
Huntr	Cross-site Scripting (XSS) - Stored in zulip/zulip	18 Dec 202116:54	–	huntr
Circl	CVE-2021-3866	20 Jan 202214:16	–	circl
CNNVD	Zulip 跨站脚本漏洞	20 Jan 202200:00	–	cnnvd
CNVD	zulip cross-site scripting vulnerability	23 Jan 202200:00	–	cnvd
CVE	CVE-2021-3866	20 Jan 202210:30	–	cve
Cvelist	CVE-2021-3866 Cross-site Scripting (XSS) - Stored in zulip/zulip	20 Jan 202210:30	–	cvelist
NVD	CVE-2021-3866	20 Jan 202211:15	–	nvd
OSV	CVE-2021-3866	20 Jan 202211:15	–	osv
Prion	Cross site scripting	20 Jan 202211:15	–	prion
RedhatCVE	CVE-2021-3866	22 May 202518:41	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "053de36e-ca95-325e-aea1-e0d0fe94f276",
        "vendor": {
          "name": "zulip"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "17253599-6532-32a7-a8c7-db20a373444f",
        "product": {
          "name": "zulip/zulip"
        },
        "product_version": "unspecified <3eb2791c3e9695f7d37ffe84e0c2184fae665cb6"
      },
      {
        "id": "cdc72ca1-d74f-3b95-9c7a-ca1871f57735",
        "product": {
          "name": "zulip/zulip"
        },
        "product_version": "44f935695d452cc3fb16845a0c6af710438b153d <unspecified"
      }
    ]
  }
]

Source	Link
huntr	www.huntr.dev/bounties/5f48dac5-e112-4b23-bbbf-cc00ba83bcf2
github	www.github.com/zulip/zulip/commit/3eb2791c3e9695f7d37ffe84e0c2184fae665cb6
blog	www.blog.zulip.com/2022/01/19/cve-2021-3866/
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

6.1Medium risk

Vulners AI Score6.1

CVSS 36.8

CVSS 23.5

CVSS 3.15.4

EPSS0.00605